A Static Analyzer for Large Safety-Critical Software

TL;DR

This paper presents an efficient, precise static analysis method based on abstract interpretation for verifying properties of large safety-critical software, with novel refinement, parametrization, and symbolic techniques.

Contribution

It introduces a refinement and parametrization approach to static analyzers, enhancing precision and efficiency for large safety-critical programs.

Findings

Verified data manipulation operations at machine level

Achieved few or no false alarms in analysis

Applied to safety-critical embedded software

Abstract

We show that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the end-user through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization, the symbolic manipulation of expressions to improve the precision of abstract transfer functions, the octagon, ellipsoid, and decision tree abstract domains, all with sound handling of rounding errors in floating point computations, widening strategies (with thresholds, delayed) and the automatic determination of the parameters (parametrized packing).